Amazon-Perplexity Court Ruling Signals New Constraints for AI Agents in Enterprise Systems

A US federal court ruling in Amazon.com Services LLC v. Perplexity AI is raising new questions about how AI agents will operate across enterprise systems, including SAP environments. A March 9 preliminary decision from the Northern District of California found that AI agents may violate state and federal law when accessing password-protected systems without platform authorization, even if acting on behalf of a user.

The case highlights a growing tension at the center of agentic AI adoption: Whether user authorization is sufficient for agents to act across systems, or whether platform-level controls ultimately govern access. As organizations explore AI agents to orchestrate workflows across SAP S/4HANA, SuccessFactors, Ariba, and third-party applications, this ruling suggests that system-of-record platforms may retain final authority over how agents interact with their data and processes.

User Consent vs. Platform Control

Amazon alleged that Perplexity’s AI agent, Comet, accessed users’ password-protected Amazon accounts to browse products and make purchases without identifying itself as an AI system. According to the complaint, this violated Amazon’s terms of service, which restrict agent access to public areas and require identification of automated traffic.

The court sided with Amazon at the preliminary injunction stage, finding the company was likely to succeed under both the federal Computer Fraud and Abuse Act (CFAA) and California’s Comprehensive Computer Data Access and Fraud Act (CDAFA).

Critically, the court rejected the argument that user consent alone constituted authorization. Instead, it found that Amazon’s terms—and its explicit revocation of access via cease-and-desist—controlled whether access was permitted.

The ruling effectively establishes a hierarchy that platform rules may override user instructions when it comes to automated access.

Preliminary Ruling with Broad Implications

While the decision is now on appeal to the Ninth Circuit and enforcement has been temporarily stayed, it marks one of the first judicial interpretations of how agentic systems interact with existing computer access laws.

Platforms like Amazon are seeking to preserve control over customer interactions and system access, while AI agent providers argue that agents are simply extensions of user intent. That tension goes beyond legal doctrine. It points to a structural question about the future of digital systems: Whether AI agents will operate as independent intermediaries across platforms, or be constrained to tightly controlled, platform-approved pathways.

What This Means for SAPinsiders

Platform-level control will shape agent architecture. The ruling reinforces that system owners instead of users may determine how AI agents access enterprise applications. For SAP landscapes, this elevates the importance of SAP’s APIs, identity frameworks, and governance layers in controlling how agents interact with core systems. Enterprise architects should design agent workflows around sanctioned access points rather than assuming unrestricted system navigation.

Integration strategy must account for legal as well as technical constraints. Agent-based orchestration across SAP and non-SAP systems will increasingly depend on formal integration models, including APIs, partner ecosystems, and platform-approved extensions. Teams should align AI initiatives with existing SAP integration strategies to avoid building capabilities that may later face access restrictions or compliance challenges.

Governance and risk management move to the forefront of AI adoption. As agents begin to execute transactions and access sensitive data, legal exposure tied to unauthorized access becomes a real consideration. SAP leaders should incorporate agent governance into broader GRC frameworks, ensuring that AI-driven automation aligns with platform policies, audit requirements, and evolving regulatory interpretations.